I don't think there's a need to discuss it as some kind of frightening black box that nobody's too sure about, either. As far as is known, I believe Chrome - Chromium == Branding, MP3 codecs, Pepperflash, Foxit PDF reading libs. With flash, they have some kind of special arrangement with Adobe; with the other three, it seems like it amounts to licensing bullshit that's keeping their hands tied.
There used to be that RLZ usage tracking thingy, but IIRC it got taken out. I'm sure there's other stuff like auto-update and usage statistics-gathering components added to the Chrome build as well.
If I missed anything, please do point it out.
By the way, my goal isn't to warm people up to the proprietary Chrome build. My point is more to make people feel less like they're missing out by ditching it for the freer Chromium.
It definitely has to be acknowledged that from a security perspective, it must be assumed that Chrome contains back doors and "innocently neglected" security vulnerabilities for big brother in all his various incarnations.
Do you know if "Google Chrome Helper" is part of Chromium? It seems like it, but I couldn't find clear information either way.
In any case, Google Chrome Helper makes me trust Chrome even less. Your comment made me curious about it, and it turns out that once activated, it's perpetually open in the background, often maxing out the processor, and it can't be quit without uninstalling Chrome. Supposedly it's related to Google Cloud Print and/or Flash, but I had both disabled and the above was still true.
Makes the caution about potential backdoors/vulnerabilities seem that much more reasonable.
>It definitely has to be acknowledged that from a security perspective, it must be assumed that Chrome contains back doors and "innocently neglected" security vulnerabilities for big brother in all his various incarnations.
Seems like this could be done with more respect for user/data sovereignty if done with Node.js. Essentially, you'd cat the file into the script, it would spin up an HTTP server, do some port knocking or whatever NAT-traversal-fu is necessary, then spit out a link with either your raw IP, or a preconfigured dynDNS domain name.
This way we aren't carelessly littering our data all over the "cloud".
... send people a link to https://yourname.pagekite.me/file.blah and it streams from your disk. CTRL+C and it's offline with no copies stored anywhere in the cloud. Works with entire folders too (append +indexes to generate indexes), which is good for static HTML demos. If you want a harder-to-guess URL, append the +hide flag to the command above.
And yes, it's open source and you can run your own relay/reverse-proxy if you don't want to rely on me. Give it a try! :-)
Woah, I'm in the big leagues now! Blocking us actually makes perfect sense, PageKite can be used to avoid a lot of quite reasonable corp security policies.
Know any port knocking as a service companies? If there was a reliable way to get a udp connection between hosts that I didn't have to write myself, I'd be tempted to take this on.
I think the term you're looking for is UDP hole punching, port knocking is performing a special sequence of connections (i.e. try TCP on 8100 then UDP on 4000 then TCP on 2000) to open up an additional port (like SSH) to a certain IP.
I'd be curious if there exists such a company or even any good open source libraries that can tie into other servers.
I wonder what building a Chromium version would entail. Do you think it would be a lot of work? I feel like it would have been done already if it were possible with the present extension APIs.
I'unno, man. It's probably significantly lower than 99.99% of chrome users that stick with Google as their default search despite the first-run search engine selection dialog, but also likely not too much lower, either.
What's important is that they give the choice -- not just in a tucked away settings pane or whatever, but actually flash the question in the user's face in a meaningful way. If search engine monopolies are important enough to add "friction" to user interaction, then I'd say CA oligopolies are at least doubly so. The conflict of interest factor isn't present in the case of CAs, because, AFAIK google doesn't run any themselves (yet), but I think its still very important to give users the choice.
I also want to point out that Google runs all kinds of infrastructural nodes all up and down the internet's stack. They have no problem pioneering high-performance DNS to move the web forward, and they even are running their own fiber optic network, for crying out loud. They're huge on promoting IPv6 adoption, (mainly because it will remove any significant cap on the internet's (and thus their) growth). I think they can handle a few SSL notaries.
But security behind the scenes doesn't contribute to a palpably sexy image of the web in the masses' minds, so it doesn't really help google's bottom line enough for them to care. Kind of like how while their "speed" initiative complete with JSCDNs is terrible for privacy (third party resources sending referrers to Google upon fetching), it helps to make the web seem like a more serious platform in the subconscious minds of users by increasing performance.
Sure, they can handle a few CAs, but then you've switched from the CA oligopoly to a Google monopoly. A significant fraction of the web would basically be running with Google as its sole CA.
dfc@ronin:~$ apt-cache search redshift
gtk-redshift - Adjusts the color temperature of your screen with GTK+ integration
redshift - Adjusts the color temperature of your screen
There used to be that RLZ usage tracking thingy, but IIRC it got taken out. I'm sure there's other stuff like auto-update and usage statistics-gathering components added to the Chrome build as well.
If I missed anything, please do point it out.
By the way, my goal isn't to warm people up to the proprietary Chrome build. My point is more to make people feel less like they're missing out by ditching it for the freer Chromium.
It definitely has to be acknowledged that from a security perspective, it must be assumed that Chrome contains back doors and "innocently neglected" security vulnerabilities for big brother in all his various incarnations.
So use Chromium, damnit!